tech-security archive
Re: Patch: rework kernel random number subsystem
Thor Lancelot Simon wrote:
> *When these generators are rekeyed, the 'rngtest' test is run
> on their output and the kernel will panic if it fails.* It
> is not the long-term intent to panic on a rngtest failure,
> but rather to rekey; but this is a good way to detect bugs in
> the implementation (see below).
Can this panic behaviour be sysctl'able or #ifdef'd, and default to not
do that? It seems like a very large sledgehammer to use. I suspect
there'll be a large class of users who wouldn't expect a panic simply
because they asked for a random number and it found a bug in your
implementation.
Cheers,
Simon.